Strictly follow the international standard of pre-attack, attack and post-attack testing processes to ensure that the testing process is comprehensive and effective.
Combine social engineering, vulnerability exploitation and other techniques in testing to give the business system a deeper and more comprehensive security check.
Delve into business requirements, provide customized testing solutions, assist in vulnerability resolution, and conduct a penetration review after resolution.
Check whether the HTTPS protocol transmission algorithm is secure, whether information related to the middleware has been disclosed, whether abnormal errors occur, etc.
Detect whether backend pages can be accessed directly without authorization, and check whether the CAPTCHA has any security risks and whether it is capable of preventing brute force cracking, etc.
Check for security risks in the session cookies, and monitor whether the session ID changes before and after login.
Detect unauthorized access, path traversal, arbitrary file download, logic defects, etc.
Test for SQL injection, cross-site scripting, code injection, URL forwarding, file upload vulnerabilities, etc.
Check database application vulnerabilities, framework vulnerabilities, port security, overflow, etc.